<?php
include('../include/config.php');
session_start();

$username          = $_SESSION['username'];
$oldPassword       = $_POST['old'];
$newPassword       = $_POST['new'];
$newPasswordRetype = $_POST['newRetype'];

if($oldPassword == '') {
    header('Location: user-account.php?error=1');
}
else if($newPassword == '') {
    header('Location: user-account.php?error=2');
}
else if($newPassword != $newPasswordRetype) {
    header('Location: user-account.php?error=3');
}
else if(!login_check($username, $oldPassword)) {
    header('Location: user-account.php?error=4');
}
else{
    change_password($username, $newPassword);
    echo "
    <script>
        alert('Success');
        window.location.href = '../index.php';
    </script>
    ";
}
?>